Latest News
New cybersecurity threat discovered in the EA Games – Origin Platform
Nettitude discover a critical vulnerability that compromises the security of user devices.
Nettitude announced we have identified a vulnerability affecting the Electronic Arts Origin Windows client. This discovery is a major find for Nettitude as we strive to continually enhance and maintain the security of our clients and the digital world we live in.
“EA Origin is used by millions of gamers around the world” says Chris Oakley, VP of Technical Services for the Americas at Nettitude. “This vulnerability allows threat actors to deploy malware to e.g. compromise banking and payment data, deploy ransomware, and more.”
Nettitude have found that Electronic Arts Origin Windows client has a vulnerability in the way it handles one of its software libraries. It also runs with excessive service permissions.
This combination of flaws allows an attacker to exploit a machine running the Origin Windows client by moving locally from a low privilege user to a user with the highest privileges. Subsequently, an attacker could easily deploy malware locally and even move laterally to other machines in the network for wider compromise.
A full technical analysis for this vulnerability can be found here. That article explains how we identified and exploited the vulnerability. It also provides guidance to developers on avoiding the same class of vulnerability. The vulnerability was discovered by Tom Wilson (@uint_ptr).
Electronic Arts were receptive to our report and, following communications with us, have recently produced an effective patch. As of the latest version, this local privilege escalation vulnerability in Electronic Arts Origin Windows client has been fixed. This vulnerability has been assigned CVE-2020-27708.
-
Africa6 days ago
Altenar obtains National Manufacturer licence in South Africa
-
Industry News3 days ago
Pennsylvania Skill, powered by Pace-O-Matic, congratulates PA Gaming Control Board and casinos on a banner 2024 with record monthly revenue
-
Asia7 days ago
Government support, medals, and global recognition define a landmark year for Indian esports and video gaming in 2024
-
Latest News3 days ago
FBM Foundation spreads holiday cheer with initiatives in Brazil and the Philippines
-
Australia5 days ago
AUSTRAC Takes Ladbrokes and Neds’ Operator – Entain – to Federal Court Over Serious Non-compliance with Australia’s Money Laundering Laws
-
eSports6 days ago
GRID Joins IBIA as an Associate Member, Strengthening Esports Integrity
-
Australia7 days ago
Regulating the Game 2025 adds masterclass on safer gambling training and customer care
-
Interviews6 days ago
FTDx Wins Xanada Startup Contest: Unlocking Untapped iGaming Traffic with Innovative Monetization Solutions